Security News

November 21, 2020

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

This post was originally published on this site. Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. And in May of this year, GoDaddy disclosed […]
November 20, 2020

Convicted SIM Swapper Gets 3 Years in Jail

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control. Conor Freeman of Dublin took part in the theft of more than two million dollars worth […]
November 18, 2020

Trump Fires Security Chief Christopher Krebs

President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud. Krebs, 43, is a former Microsoft executive appointed by Trump to head the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security. As part of that role, Krebs organized federal and state efforts to improve election security, and to dispel disinformation about the integrity of the […]
November 17, 2020

Be Very Sparing in Allowing Site Notifications

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters. When a website you visit asks permission to send notifications and you approve the request, the resulting messages that pop up appear outside of the browser. For example, on Microsoft […]
November 10, 2020

Patch Tuesday, November 2020 Edition

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug. Some 17 of the 112 issues fixed in today’s patch batch involve “critical” problems in Windows, or those that can be exploited by malware or malcontents to seize complete, remote control over a vulnerable […]
November 10, 2020

Ransomware Group Turns to Facebook Ads

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook. The ad was designed to turn the screws to the Italian beverage vendor Campari Group, which acknowledged on Nov. 3 that its computer systems had been […]
November 8, 2020

Body Found in Canada Identified as Neo-Nazi Spam King

The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports. Homicide detectives said they originally thought the man found June 14, 2017 in a torched SUV on a logging road in Squamish, British Columbia was a local rock climber known to others in the area as a politically progressive vegan named Jesse James. […]
November 4, 2020

Why Paying to Delete Stolen Data is Bonkers

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway. The findings come in […]
November 3, 2020

Two Charged in SIM Swapping, Vishing Scams

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. Milleson, 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A. Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “vishing” attacks and “SIM swapping,” a form of fraud that involves bribing or tricking employees at mobile phone […]
October 28, 2020

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies on the conference call, which included the U.S. Department of Health and Human […]
October 28, 2020

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, […]
October 26, 2020

Google Mending Another Crack in Widevine

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated. The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for low-quality video and audio streams only. Google says the weakness does not affect L1 and L2 streams, which encompass more high-definition video and audio content. “As code protection is always evolving to address new threats, we […]
October 22, 2020

The Now-Defunct Firms Behind 8chan, QAnon

Some of the world’s largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan’s current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators. In practical terms, what this means is that the […]
October 18, 2020

QAnon/8Chan Sites Briefly Knocked Offline

A phone call to an Internet provider in Oregon on Sunday evening was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump. Following a brief disruption, the sites have come back online with the help of an Internet company based in St. Petersburg, Russia. The IP address range in the upper-right portion […]
October 16, 2020

Attending a Video Conference

When attending a video conference, make sure you are using the latest version of the conferencing software. In addition, if you are using the video option make sure there is nothing sensitive behind you that others would see.
October 15, 2020

Breach at Dickey’s BBQ Smokes 3M Cards

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. An ad on the popular carding site Joker’s Stash for “BlazingSun,” which fraud experts have traced back to a card breach at Dickey’s BBQ. On Monday, the carding bazaar Joker’s Stash debuted “BlazingSun,” a new batch of more than three million stolen […]
October 13, 2020

Microsoft Patch Tuesday, October 2020 Edition

It’s Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it’s once again time to back up and patch up. Eleven of the vulnerabilities earned Microsoft’s most-dire “critical” rating, which means bad guys or malware could use them to gain complete control over an unpatched system with little or no help from users. Worst in […]
October 12, 2020

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet. “We disrupted Trickbot through […]
October 9, 2020

Report: U.S. Cyber Command Behind Trickbot Tricks

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command. On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet […]
October 8, 2020

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. One of the most […]
October 7, 2020

Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M

September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies who’s fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips from Davies’ victims that paint a much clearer picture of this serial con man and his cohorts, including allegations of hacking, smuggling, bank fraud and murder. KrebsOnSecurity interviewed more than a dozen of Davies’ victims over the past five years, none of whom wished to […]
October 2, 2020

Attacks Aimed at Disrupting the Trickbot Botnet

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. On Sept. 22, someone pushed out a new configuration file to Windows computers currently infected with Trickbot. The crooks running the Trickbot botnet typically use these config files […]
October 2, 2020

Kids and Family Members

If you have children visiting or staying with family members (such as grandparents), make sure the family members know your rules concerning technology that your kids must follow. Just because your kids leave the house does not mean the rules about what they can do online change.
October 1, 2020

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating […]
September 29, 2020

Who’s Behind Monday’s 14-State 911 Outage?

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft’s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States. On the afternoon of Monday, Sept. 28, several […]